6939 matches found
CVE-2015-0816
Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 do not properly restrict resource: URLs, which makes it easier for remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging the ability to bypass the Same Origin Policy, as...
Mozilla: Same-origin bypass through anchor navigation (MFSA 2015-40)
Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving anchor navigation, a similar issue to CVE-2015-0818...
CVE-2015-0801
Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving anchor navigation, a similar issue to CVE-2015-0818...
firefox: multiple issues
CVE-2015-0801 same-origin bypass: Mozilla developer Olli Pettay reported that while investigating Mozilla Foundation Security Advisory 2015-28, he and Mozilla developer Boris Zbarsky found an alternate way to trigger a similar vulnerability. The previously reported flaw used an issue with SVG...
CVE-2015-0816
Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 do not properly restrict resource: URLs, which makes it easier for remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging the ability to bypass the Same Origin Policy, as...
FreeBSD : mozilla -- multiple vulnerabilities (d0c97697-df2c-4b8b-bff2-cec24dc35af8)
The Mozilla Project reports : MFSA-2015-30 Miscellaneous memory safety hazards rv:37.0 / rv:31.6 MFSA-2015-31 Use-after-free when using the Fluendo MP3 GStreamer plugin MFSA-2015-32 Add-on lightweight theme installation approval bypassed through MITM attack MFSA-2015-33 resource:// documents can...
UBUNTU-CVE-2015-0801
Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving anchor navigation, a similar issue to CVE-2015-0818...
UBUNTU-CVE-2015-0816
Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 do not properly restrict resource: URLs, which makes it easier for remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging the ability to bypass the Same Origin Policy, as...
KLA10525 Multiple vulnerabilities in Mozilla Firefox, Mozilla Firefox ESR, Mozilla Thunderbird
Multiple serious vulnerabilities have been found in Mozilla Firefox before 37.0, Mozilla Firefox ESR 31.x before 31.6, Mozilla Thunderbird before 31.6. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause a denial of service, heap memory corruption and bypass an...
resource:// documents can load privileged pages — Mozilla
Security researcher Mariusz Mlynski reported, through HP Zero Day Initiative's Pwn2Own contest, that documents loaded through a resource: URL, such as Mozilla's PDF.js PDF file viewer, were able to subsequently load privileged chrome pages. The privilege restrictions on resource: URLs were handled...
Same-origin bypass through anchor navigation — Mozilla
Mozilla developer Olli Pettay reported that while investigating Mozilla Foundation Security Advisory 2015-28, he and Mozilla developer Boris Zbarsky found an alternate way to trigger a similar vulnerability. The previously reported flaw used an issue with SVG content navigation to bypass...
Mozilla rushes to fix the Firefox browser vulnerabilities disclosed at the Pwn2Own contest - vulnerability warning - the black bar safety net
On March 18, the world's top hacker contest, Pwn2Own 2015, opened in Vancouver, Canada. Among the top experts competing, Mariusz Mlynski compromised Firefox in a very short period of time and won a $30,000 bonus. And Mozilla officials, at the end of the contest...
SuSE 11.3 Security Update : Mozilla Firefox (SAT Patch Number 10524)
Mozilla Firefox was updated to the 31.5.3ESR release to fix two security vulnerabilities : - Security researcher ilxu1a reported, through HP Zero Day Initiative's Pwn2Own contest, a flaw in Mozilla's implementation of typed array bounds checking in JavaScript just-in-time compilation (JIT) and its...
Adobe CVE-2011-2461 vulnerability can still be exploited - vulnerability warning - the black bar safety net
An Adobe Flash patch released four years ago did not correctly resolve the vulnerability in Flex applications, and attackers can still exploit this vulnerability. Reportedly, this vulnerability affects 30 percent of the world's top ten most popular sites by Alexa rank. LinkedIn...
Mozilla: Privilege escalation through SVG navigation (MFSA 2015-28)
Mozilla Firefox before 36.0.4, Firefox ESR 31.x before 31.5.3, and SeaMonkey before 2.33.1 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving SVG hash navigation...
CVE-2015-0818
Mozilla Firefox before 36.0.4, Firefox ESR 31.x before 31.5.3, and SeaMonkey before 2.33.1 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving SVG hash navigation...
Design/Logic Flaw
Mozilla Firefox before 36.0.4, Firefox ESR 31.x before 31.5.3, and SeaMonkey before 2.33.1 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving SVG hash navigation...
CVE-2015-0818
CVE-2015-0818 affects Mozilla Firefox (pre-36.0.4), Firefox ESR (pre-31.5.3 for 31.x), and SeaMonkey (pre-2.33.1). The root cause is a flaw in processing SVG hash navigation that bypasses the Same Origin Policy, allowing remote attackers to execute arbitrary JavaScript with chrome privileges. The...
Debian DSA-3201-1 : iceweasel - security update
Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2015-0817 ilxu1a reported a flaw in Mozilla's implementation of typed array bounds checking in...
SeaMonkey < 2.33.1 Multiple Vulnerabilities
The version of Mozilla SeaMonkey installed on the remote host is prior to 2.33.1. It is, therefore, affected by multiple vulnerabilities : - A remote code execution vulnerability exists due to an out-of-bounds error in typed array bounds checking within 'asmjs/AsmJSValidate.cpp', which relates to...